Ethercat Zeek Plugin

View CSAF

1. EXECUTIVE SUMMARY

• CVSS v3 9.8
• ATTENTION: Exploitable remotely/low attack complexity
• Vendor: CISA
• Equipment: Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Plugin for Zeek
• Vulnerabilities: Out-of-bounds Write, Out-of-bounds Read

2. RISK EVALUATION

Successful exploitation of these vulnerabilities could allow remote code execution.

3. TECHNICAL DETAILS

3.1 AFFECTED PRODUCTS

The following GitHub commits (versions) of ICSNPP – Ethercat Plugin, a plugin for Zeek, are affected:

• Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin: versions d78dda6 and prior

3.2 Vulnerability Overview

3.2.1 OUT-OF-BOUNDS WRITE CWE-787

Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write in their primary analyses function for Ethercat communication packets. This could allow an attacker to cause arbitrary code execution.

CVE-2023-7244 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

3.2.2 OUT-OF-BOUNDS WRITE CWE-787

Industrial Control Systems Network Protocol Parsers (ICSNPP) – Ethercat Zeek Plugin versions d78dda6 and prior are vulnerable to out-of-bounds write while analyzing specific Ethercat datagrams. This could allow an attacker to cause arbitrary code execution.

CVE-2023-7243 has been assigned to this vulnerability. A CVSS v3.1 base score of 9.8 has been calculat

[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.